[Bro-Dev] UDP connection_established event?
Vlad Grigorescu
vlad at grigorescu.org
Thu Mar 1 18:52:56 PST 2018
I would like to propose a new event in Bro, one that would fire when a UDP
connection is established (i.e. a response is observed within some time
frame after a request is seen). Basically, the UDP equivalent of
connection_established.
Currently, I think the only way to do this would be either with
new_connection or with udp_reply. Neither of these seem like great
solutions, as they'd require keeping state in script-land, and most of the
events wouldn't be useful.
Does anyone have thoughts about this? Thanks,
--Vlad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20180301/5fd10c47/attachment.html
More information about the bro-dev
mailing list